thierry brunet - it best practices & frameworks overview

eMedia Technologie IT Best practices overview, mapping and implementation Thierry Brunet, Director Associates 22/06/22 The Legacy Modernization Company

Upload: thierry-brunet

Post on 15-Jan-2015


Category:

Technology



TRANSCRIPT

Page 1: Thierry Brunet -  IT best practices & frameworks overview

eMedia Technologie

IT Best practices overview, mapping and implementation

Thierry Brunet, Director Associates

10/04/23

The Legacy Modernization Company

Page 2: Thierry Brunet -  IT best practices & frameworks overview

Agenda

• IT Best practices, Frameworks & Standards
• COBIT 4.1
• ITIL V2 and V3
• CMM-i
• Mappings
• Implementations and Change Management
• Benefits of IT Best practices Implementation
• eMedia Technologie presentation

Page 3: Thierry Brunet -  IT best practices & frameworks overview

IT Best Practices, Framework, & Standards overview

“the quality of a system or product is highly influenced by the quality of the process used to develop and maintain it,” (SEI)

Page 4: Thierry Brunet -  IT best practices & frameworks overview

Stabilizing IT with Process Methodologies

IT organization activity

Continuous Improvement

Point Improvement

Certification and documentation

Schema

Planning Decision Development and Acquisition

Deployment

Exploitation

IT Best practices roles

Page 5: Thierry Brunet -  IT best practices & frameworks overview

COBIT 4.1


Page 6: Thierry Brunet -  IT best practices & frameworks overview

What is COBIT?

COBIT (Control Objectives for IT) is a Framework
• Defines IT Processes, Goals and Metrics
• Defines Maturity Levels for each Process
• Defines Responsibilities for each Process
• Provides Management guidelines
• Mapped with other frameworks (COSO, ITIL, CMMi, ISO20000, ISO2700-x…)

Page 7: Thierry Brunet -  IT best practices & frameworks overview

COBIT 4.1


Page 8: Thierry Brunet -  IT best practices & frameworks overview

Defined Responsibilities for Each Process

RACI Chart

A RACI chart identifies who is Responsible, Accountable, Consulted and/or Informed.

Page 9: Thierry Brunet -  IT best practices & frameworks overview

COBIT 4.1 Tools


Page 10: Thierry Brunet -  IT best practices & frameworks overview

COBIT Certifications
• Enterprise and Individual certifications
• CISA (Certified Information Systems Auditor) ISACA certification
• Certifications help a company reach a level of IT Governance and IT Compliance required by: SOX, BASLE II, Solvency II, …

Page 11: Thierry Brunet -  IT best practices & frameworks overview

ITIL (Information Technology Information Library)


Page 12: Thierry Brunet -  IT best practices & frameworks overview

Origin of ITIL
• British Government’s effort to improve IT management
• Developed by in the late 1980’s
• Originally, a library of over 40 books that documented various IT Service areas, processes and standards
• Today, a library of 8 books, under the auspices of OGC

Page 13: Thierry Brunet -  IT best practices & frameworks overview

ITIL V2 Process Reference Framework

[Diagram labels]
• Financial Management for IT services
• Capacity Management
• Availability Management
• IT Service Continuity Management
• Incident Management
• Problem Management
• Change Management
• Configuration Management
• Release Management
• IT Infrastructure
• security
• Service Desk
• Service Level Management

Page 14: Thierry Brunet -  IT best practices & frameworks overview

THE SERVICE SUPPORT PROCESS MODEL

[Diagram labels]
• The Business, Customers, or Users
• Difficulties, Queries, Enquiries
• Communications, Updates, Work-arounds
• Service Desk
• Management Tools
• Incidents, Changes, Releases
• Incident Management, Problem Management, Change Management, Release Management, Configuration Management
• CMDB
• Incidents, Problems, Known Errors, Changes, Releases, CIs, Relationships
• Service reports, Incident statistics, Audit reports
• Customer survey reports
• Problem statistics, Trend analysis, Problem reports, Problem reviews, Diagnostic aids, Audit reports
• Change schedule, CAB minutes, Change statistics, Change reviews, Audit reports
• Release schedule, Release statistics, Release reviews, Secure library, Testing Standards, Audit reports
• CMD reports, CMDB statistics, Policy/standards, Audit reports

Page 15: Thierry Brunet -  IT best practices & frameworks overview

THE SERVICE DELIVERY PROCESS MODEL

[Diagram labels]
• The Business, Customers, or Users
• Difficulties, Queries, Enquiries
• Communications, Updates, Workarounds
• (SLM) Service Desk
• Incidents
• Availability Management, Capacity Management, Business Continuity Management, Financial Management, Configuration Management
• CMDB
• Incidents, Problems, Known Errors, Changes, Releases, CIs, Relationships
• Maintainability, Reliability, Serviceability, Statistics & incidents, Audit reports
• Customer survey reports
• Standards, Statistics, Reports, Audit reports
• Reviews, Plans, Tests, Audit reports
• Performance statistics & incidents
• Plans, Trend analysis, Diagnostic aids, Audit reports
• CMD reports, CMDB statistics, Policy/standards, Audit reports

Page 16: Thierry Brunet -  IT best practices & frameworks overview

ITIL V3 reference framework


Page 17: Thierry Brunet -  IT best practices & frameworks overview

Certifications

Individual
• ITIL Foundation
• ITIL Practitioner
• ITIL Service Manager

Page 18: Thierry Brunet -  IT best practices & frameworks overview

ISO 20000


Page 19: Thierry Brunet -  IT best practices & frameworks overview

CMMI-DEV

CMMI-ACQ – CMMI-SERV


Page 20: Thierry Brunet -  IT best practices & frameworks overview

CMMI-DEV Processes

• Causal Analysis and Resolution (CAR)
• Configuration Management (CM)
• Decision Analysis and Resolution (DAR)
• Integrated Project Management (IPM)
• Measurement and Analysis (MA)
• Organizational Process Definition (OPD)
• Organizational Process Focus (OPF)
• Organizational Performance Management (OPM)
• Organizational Process Performance (OPP)
• Organizational Training (OT)
• Product Integration (PI)
• Project Monitoring and Control (PMC)
• Project Planning (PP)
• Process and Product Quality Assurance (PPQA)
• Quantitative Project Management (QPM)
• Requirements Development (RD)
• Requirements Management (REQM)
• Risk Management (RSKM)
• Supplier Agreement Management (SAM)
• Technical Solution (TS)
• Validation (VAL)
• Verification (VER)

Page 21: Thierry Brunet -  IT best practices & frameworks overview

CMMI Staged Representation - 5 Maturity Levels

Process Maturity

• Level 1, Initial: Processes are unpredictable, poorly controlled, reactive.
• Level 2, Managed: Processes are planned, documented, performed, monitored, and controlled at the project level. Often reactive.
• Level 3, Defined: Processes are well characterized and understood. Processes, standards, procedures, tools, etc. are defined at the organizational (Organization X) level. Proactive.
• Level 4, Quantitatively Managed: Processes are controlled using statistical and other quantitative techniques.
• Level 5, Optimizing: Process performance continually improved through incremental and innovative technological improvements.

Page 22: Thierry Brunet -  IT best practices & frameworks overview

Certifications
• Given by SEI (Software Engineering Institute)
• Enterprise Level (certifies a Maturity Level)
• Individual Level (CMMI Lead appraisal)
• Used Methods: Standard CMMI Appraisal Method for Process Improvement (SCAMPI)

Page 23: Thierry Brunet -  IT best practices & frameworks overview

IT Best Practices, Frameworks & Standards mapping

COBIT, ITIL, ISO2700x, CMMi

Page 24: Thierry Brunet -  IT best practices & frameworks overview

[Diagram: COBIT 4.1 process domains]
• Plan and Organise (PO Process Domain)
• Acquire and Implement (AI Process Domain)
• Deliver and Support (DS Process Domain)
• Monitor and Evaluate (ME Process Domain)

Page 25: Thierry Brunet -  IT best practices & frameworks overview

ITIL V2 mapping with COBIT 4.1

[Diagram: COBIT 4.1 process grid with ITIL V2 processes]

COBIT 4.1 domains: Plan and Organise; Acquire and Implement; Deliver and Support; Monitor and Evaluate

COBIT 4.1 processes shown:
• Define Strategic IT Plan
• Define IT Processes, Organisation and Relationships
• Manage IT Investment
• Determine Technological Direction
• Communicate Management Aims and Direction
• Manage IT Human Resource
• Assess and Manage IT Risks
• Manage Projects
• Manage IT Quality
• Identify Automated Solutions
• Acquire and Maintain Application Software
• Acquire and Maintain Technology Infrastructure
• Manage Change
• Install and Accredit Systems
• Enable operation and use
• Manage Performance and Capacity
• Ensure Continuous Service
• Ensure System Security
• Identify and Allocate Costs
• Manage Third-party Services
• Define and Manage Service Levels
• Educate and Train Users
• Manage Operations
• Manage Configuration
• Manage Service Desk and Incidents
• Manage Data
• Manage Physical environment
• Manage Problems
• Monitor and Evaluate IT Performance
• Monitor and Evaluate Internal Controls
• Ensure Compliance With External Standards
• Provide IT Governance
• Define Information Architecture
• Procure IT Resources

ITIL V2 Service Support: Service Desk; Incident Management; Change Management; Release Management; Problem Management; Configuration Management

ITIL V2 Service Delivery: Service Level Management; Availability Management; Financial Management; Continuity Management; Capacity Management

Page 26: Thierry Brunet -  IT best practices & frameworks overview

ITIL V2 mapping with COBIT 4.1

[Diagram: the same COBIT 4.1 process grid and ITIL V2 Service Support and Service Delivery processes as on the previous slide]

Page 27: Thierry Brunet -  IT best practices & frameworks overview

ITIL V3 mapping with COBIT 4.1

[Diagram: the COBIT 4.1 process grid (Plan and Organise, Acquire and Implement, Deliver and Support, Monitor and Evaluate) shown on the ITIL V2 mapping slides]

Page 28: Thierry Brunet -  IT best practices & frameworks overview

ISO 2700x Family mapping with COBIT 4.1

[Diagram: the COBIT 4.1 process grid (Plan and Organise, Acquire and Implement, Deliver and Support, Monitor and Evaluate) shown on the ITIL V2 mapping slides]

Page 29: Thierry Brunet -  IT best practices & frameworks overview

CMMI for Development 1.3 mapping with COBIT 4.1

[Diagram: the COBIT 4.1 process grid (Plan and Organise, Acquire and Implement, Deliver and Support, Monitor and Evaluate) shown on the ITIL V2 mapping slides]

Page 30: Thierry Brunet -  IT best practices & frameworks overview

IT Best Practices, Standards & Frameworks Implementation

A pragmatic approach

Page 31: Thierry Brunet -  IT best practices & frameworks overview

Why Start?

Voluntary motivation
• Platform interconnection > new architecture > new processes

Motivation by constraint
• Regulations (Local, from EU, BASLE II, Solvency II, …)
• Government initiative
• From a partner
• From a customer

By interest
• Customer Insurance

Page 32: Thierry Brunet -  IT best practices & frameworks overview

The Deming Cycle

• Plan: Scoping, Risk Assessment Risk Management Documentation
• Do: Resources Allocation Training Management Documentation
• Check: Project metrics Process metrics System Audit
• Act: Make Decisions from metrics

Page 33: Thierry Brunet -  IT best practices & frameworks overview


Comprehensive Approach to Improvement

Six σ

IT Operational Processes — ITIL

App. Development Processes — CMMI

Project Management Processes — PMI

1. Establish the Work

2. Align Roles With Work (RACI)

3. Identify Appropriate Measures

4. Apply Governance

CobiT

Page 34: Thierry Brunet -  IT best practices & frameworks overview

Implementing IT Governance


Page 35: Thierry Brunet -  IT best practices & frameworks overview

Implementing IT Service Management

Service Delivery:
• Service-level management
• Financial management
• Capacity management
• IT service continuity
• Availability management

Service Support:
• Incident management
• Problem management
• Change management
• Configuration management
• Release management

Service Desk

Page 36: Thierry Brunet -  IT best practices & frameworks overview

Promote Change


• Integrate the management of change in the approach

• Involvement of management

• Motivate human resources

• Measure and improve the achievements

Page 37: Thierry Brunet -  IT best practices & frameworks overview

Enterprise Change Management

Manage Change

Organization
• Culture
• Leadership
• Sponsorship

People
• Engagement
• Training

Processes
• Reuse
• Automate
• Templates
• Measure

Technology
• ITIL (at least)
• Configuration Management
• Asset Management
• Service Desk
• Supervision tool
• COBIT
• Excel or IT Governance & Risk Management tool

Page 38: Thierry Brunet -  IT best practices & frameworks overview

Culture Program


Page 39: Thierry Brunet -  IT best practices & frameworks overview

eMedia Technologie

Software Distribution
• Industry solutions
• IT Service Management
• Data Management
• Workload Management

Business Consulting
• B2B, B2C Business Development
• Enterprise Change Management
• Coaching
• Industry Solutions

IT Consulting
• IT Modernization
• IT Governance
• IT Services Management
• IT Security Management
• Application Management
• Business Intelligence
• IT Infrastructure Management

Page 40: Thierry Brunet -  IT best practices & frameworks overview

Questions - Answers